SonicWall has denied a zero day is being exploited in its SSLVPN appliances, saying after an investigation that attacks on customers identified by Huntress Labs and Arctic Wolf relate to an earlier CVE.

The company’s update comes after cybersecurity firm Arctic Wolf said it was seeing attacks where, “in some instances, fully patched SonicWall devices were affected following credential rotation…” and suggested the “high likelihood of a zero-day vulnerability”; Huntress had agreed.

But SonicWall told The Stack in an emailed comment that it has “thoroughly investigated the matter, and based on current findings, we have high confidence that this activity is related to CVE-2024-40766, which was previously disclosed and documented in our public advisory SNWLID-2024-0015, not a new zero-day or unknown vulnerability.”

It added in response to questions from our team that “we don’t control, and can’t predict, when or how threat actors choose to act. We don’t know the internal cadence or strategies of ransomware groups, but what we do know is that they often opportunistically target configurations where best practices may not have been fully applied — for example, when password resets weren’t completed after firewall migrations.”

The company insisted that “the affected population is small, fewer than 40 confirmed cases, and appears to be linked to legacy credential use during migrations from Gen 6 to Gen 7 firewalls,” adding that “we’ve issued updated guidance, including steps to change credentials and upgrade to SonicOS 7.3.0, which includes enhanced MFA protections.”

“Since the initial discovery… We’ve directly notified affected customers and partners, published detailed mitigation guidance, and shared updates through our official channels, including a live knowledge base (KB) article. Our teams have also reached out individually via social media to assist users and answer questions in real time. In parallel, we’ve engaged with media outlets to provide clarity and context, reinforcing our commitment to open communication and swift resolution,” the firm added by email.
